233173 – security/openssl111: fails to stage if PREFIX != LOCALBASE

Bug 233173 - security/openssl111: fails to stage if PREFIX != LOCALBASE

Summary: security/openssl111: fails to stage if PREFIX != LOCALBASE

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	Bernard Spil

URL:
Keywords:	needs-patch

Depends on:
Blocks:

Reported:	2018-11-12 17:06 UTC by John Hein
Modified:	2018-11-21 13:58 UTC (History)
CC List:	2 users (show)

See Also:	233314

Flags:	bugzilla: maintainer-feedback? (brnrd)

Attachments
[patch] update security/openssl111 to build with non-default PREFIX (388 bytes, patch) 2018-11-12 17:36 UTC, John Hein	brnrd: maintainer-approval+	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Hein 2018-11-12 17:06:13 UTC

Comment 1 John Hein 2018-11-12 17:36:08 UTC

Created attachment 199180 [details]
[patch] update security/openssl111 to build with non-default PREFIX

If you build openssl111 with PREFIX=/foo, it fails during 'make stage'.

Comment 2 John Hein 2018-11-12 18:19:54 UTC

Comment on attachment 199180 [details]
[patch] update security/openssl111 to build with non-default PREFIX

The patch builds ok in poudriere testport.
No new portlint warnings.

Comment 3 Bernard Spil freebsd_committer

2018-11-12 20:26:25 UTC

Comment on attachment 199180 [details]
[patch] update security/openssl111 to build with non-default PREFIX

Hi John,

Thanks for bringing this up! This is indeed an issue in the current port. I have it queued to be added on the next commit.

Cheers, Bernard.

Comment 4 commit-hook freebsd_committer

2018-11-20 17:52:07 UTC

A commit references this bug:

Author: brnrd
Date: Tue Nov 20 17:51:35 UTC 2018
New revision: 485451
URL: https://svnweb.freebsd.org/changeset/ports/485451

Log:
  security/openssl111: Update to 1.1.1a

   - Fix prefix [1]

  PR:		233173 [1]
  Submitted by:	John Hein <z7dr6ut7gs snkmail com> [1]

Changes:
  head/security/openssl111/Makefile
  head/security/openssl111/distinfo
  head/security/openssl111/files/patch-CVE-2018-0734
  head/security/openssl111/files/patch-CVE-2018-0735
  head/security/openssl111/pkg-plist

Comment 5 Kubilay Kocak freebsd_committer

2018-11-21 03:42:29 UTC

ports r485451 introduced [1] a backward moving DISTVERSION:

# pkg version -t 1.1.1 1.1.1.a
# >

Apart from the version moving backward, and the change required to fix it (PORTEPOCH?), it also currently results in the openssl111 port being incorrectly described as vulnerable (via portaudit):

# ===>  openssl111-1.1.1.a has known vulnerabilities:
# openssl111-1.1.1.a is vulnerable:
# OpenSSL -- Multiple vulnerabilities in 1.1 branch
# CVE: CVE-2018-0734
# CVE: CVE-2018-0735
# WWW: https://vuxml.FreeBSD.org/freebsd/238ae7de-dba2-11e8-b713-b499baebfeaf.html

The vuxml entry for openssl11 uses "< 1.1.1_2" as the version specifier, which is also greater than the current DISTVERSION:

# pkg version -t 1.1.1_2 1.1.1.a
# >

The VuXML entry may need updating once the DISTVERSION issue is resolved.

[1] https://lists.freebsd.org/pipermail/svn-ports-all/2018-November/199899.html

Comment 6 Tobias Kortkamp freebsd_committer

2018-11-21 04:28:18 UTC

(In reply to Kubilay Kocak from comment #5)
A PORTEPOCH bump is not the best solution here (though certainly it would
solve it too).  Both of the problems can be solved by just changing
DISTVERSION back to PORTVERSION.

Comment 7 Tobias Kortkamp freebsd_committer

2018-11-21 13:58:18 UTC

(In reply to Tobias Kortkamp from comment #6)
Problem was fixed in ports r485516.